Catalina - Ensure System Volume is Read Only

Information

The System volume _MUST_ be mounted as read-only in order to ensure that configurations critical to the integrity of the macOS have not been compromised. System Integrity Protection (SIP) will prevent the system volume from being mounted as writable.

NOTE: The system volume is read only by default in macOS.

Solution

NOTE: To remount the System volume as Read Only, rebooting the computer will mount it as Read Only.

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|MA-4(1), 800-53|SC-34, 800-53|SI-7, CCE|CCE-84851-5

Plugin: Unix

Control ID: 386897e8bfa79336704ff6e7646af8d0294fac2d1f56fcd6f3b08ca648ab754b